Use Luks password for login?
up vote
0
down vote
favorite
I have the same password for my swap encryption and my login as main user. So it would be nifty to take the password from the boot-pw-dialogue to log in. Already the system uses the password to decrypt the other encrypted partitions, so it should be possible to take that password one step further to the login. Or asked the other way round:
Why do I have to enter the disk-encryption password and the user password although they are the same?
luks auto-login
asked Nov 12 at 19:04
Peter Reiser
6
New contributor
Peter Reiser is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
up vote
0
down vote
favorite
I have the same password for my swap encryption and my login as main user. So it would be nifty to take the password from the boot-pw-dialogue to log in. Already the system uses the password to decrypt the other encrypted partitions, so it should be possible to take that password one step further to the login. Or asked the other way round:
Why do I have to enter the disk-encryption password and the user password although they are the same?
luks auto-login
asked Nov 12 at 19:04
Peter Reiser
6
New contributor
Peter Reiser is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Because they're completely unrelated.
– GabrielaGarcia
Nov 12 at 20:09
i dont see it that way. i.e. pam-mount can be used to decipher partitions using the login password, which is done for encrypted home folders or i.e. has to be done with iscsi - drives as in my ubuntu iscsi only mounts very late at startup, so those partitions cant be mounted using crypttab/fstab. and i dont see a reason why the service which takes the key from boot wouldn be able to pass it further on to login. another reason is that the login password has to be as strong as the device encryption key, so why not just use the same on single user systems. luks can handle multiple passwords.
– Peter Reiser
Nov 12 at 20:25
You're confusing a decryption that happens when the OS is already loaded with the one that happens before the OS, let alone user login. And that's why they're totally unrelated.
– GabrielaGarcia
Nov 12 at 20:30
there is no gap between boot and gui load, why shouldnt it be possible to pass a variable from from boot to the gui, as systemd is always continously running?
– Peter Reiser
Nov 12 at 20:38
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I have the same password for my swap encryption and my login as main user. So it would be nifty to take the password from the boot-pw-dialogue to log in. Already the system uses the password to decrypt the other encrypted partitions, so it should be possible to take that password one step further to the login. Or asked the other way round:
Why do I have to enter the disk-encryption password and the user password although they are the same?
luks auto-login
asked Nov 12 at 19:04
Peter Reiser
6
New contributor
Peter Reiser is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I have the same password for my swap encryption and my login as main user. So it would be nifty to take the password from the boot-pw-dialogue to log in. Already the system uses the password to decrypt the other encrypted partitions, so it should be possible to take that password one step further to the login. Or asked the other way round:
Why do I have to enter the disk-encryption password and the user password although they are the same?
luks auto-login
luks auto-login
asked Nov 12 at 19:04
Peter Reiser
6
New contributor
Peter Reiser is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked Nov 12 at 19:04
Peter Reiser
6
New contributor
Peter Reiser is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked Nov 12 at 19:04
Peter Reiser
6
New contributor
Peter Reiser is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked Nov 12 at 19:04
Peter Reiser
6
asked Nov 12 at 19:04
Peter Reiser
6
6
New contributor
Peter Reiser is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Peter Reiser is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Peter Reiser is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Because they're completely unrelated.
– GabrielaGarcia
Nov 12 at 20:09
i dont see it that way. i.e. pam-mount can be used to decipher partitions using the login password, which is done for encrypted home folders or i.e. has to be done with iscsi - drives as in my ubuntu iscsi only mounts very late at startup, so those partitions cant be mounted using crypttab/fstab. and i dont see a reason why the service which takes the key from boot wouldn be able to pass it further on to login. another reason is that the login password has to be as strong as the device encryption key, so why not just use the same on single user systems. luks can handle multiple passwords.
– Peter Reiser
Nov 12 at 20:25
You're confusing a decryption that happens when the OS is already loaded with the one that happens before the OS, let alone user login. And that's why they're totally unrelated.
– GabrielaGarcia
Nov 12 at 20:30
there is no gap between boot and gui load, why shouldnt it be possible to pass a variable from from boot to the gui, as systemd is always continously running?
– Peter Reiser
Nov 12 at 20:38
add a comment |
Because they're completely unrelated.
– GabrielaGarcia
Nov 12 at 20:09
i dont see it that way. i.e. pam-mount can be used to decipher partitions using the login password, which is done for encrypted home folders or i.e. has to be done with iscsi - drives as in my ubuntu iscsi only mounts very late at startup, so those partitions cant be mounted using crypttab/fstab. and i dont see a reason why the service which takes the key from boot wouldn be able to pass it further on to login. another reason is that the login password has to be as strong as the device encryption key, so why not just use the same on single user systems. luks can handle multiple passwords.
– Peter Reiser
Nov 12 at 20:25
You're confusing a decryption that happens when the OS is already loaded with the one that happens before the OS, let alone user login. And that's why they're totally unrelated.
– GabrielaGarcia
Nov 12 at 20:30
there is no gap between boot and gui load, why shouldnt it be possible to pass a variable from from boot to the gui, as systemd is always continously running?
– Peter Reiser
Nov 12 at 20:38
Because they're completely unrelated.
– GabrielaGarcia
Nov 12 at 20:09
Because they're completely unrelated.
– GabrielaGarcia
Nov 12 at 20:09
i dont see it that way. i.e. pam-mount can be used to decipher partitions using the login password, which is done for encrypted home folders or i.e. has to be done with iscsi - drives as in my ubuntu iscsi only mounts very late at startup, so those partitions cant be mounted using crypttab/fstab. and i dont see a reason why the service which takes the key from boot wouldn be able to pass it further on to login. another reason is that the login password has to be as strong as the device encryption key, so why not just use the same on single user systems. luks can handle multiple passwords.
– Peter Reiser
Nov 12 at 20:25
i dont see it that way. i.e. pam-mount can be used to decipher partitions using the login password, which is done for encrypted home folders or i.e. has to be done with iscsi - drives as in my ubuntu iscsi only mounts very late at startup, so those partitions cant be mounted using crypttab/fstab. and i dont see a reason why the service which takes the key from boot wouldn be able to pass it further on to login. another reason is that the login password has to be as strong as the device encryption key, so why not just use the same on single user systems. luks can handle multiple passwords.
– Peter Reiser
Nov 12 at 20:25
You're confusing a decryption that happens when the OS is already loaded with the one that happens before the OS, let alone user login. And that's why they're totally unrelated.
– GabrielaGarcia
Nov 12 at 20:30
You're confusing a decryption that happens when the OS is already loaded with the one that happens before the OS, let alone user login. And that's why they're totally unrelated.
– GabrielaGarcia
Nov 12 at 20:30
there is no gap between boot and gui load, why shouldnt it be possible to pass a variable from from boot to the gui, as systemd is always continously running?
– Peter Reiser
Nov 12 at 20:38
there is no gap between boot and gui load, why shouldnt it be possible to pass a variable from from boot to the gui, as systemd is always continously running?
– Peter Reiser
Nov 12 at 20:38
add a comment |
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Peter Reiser is a new contributor. Be nice, and check out our Code of Conduct.
draft saved
draft discarded
Peter Reiser is a new contributor. Be nice, and check out our Code of Conduct.
Peter Reiser is a new contributor. Be nice, and check out our Code of Conduct.
Peter Reiser is a new contributor. Be nice, and check out our Code of Conduct.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1092310%2fuse-luks-password-for-login%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Because they're completely unrelated.
– GabrielaGarcia
Nov 12 at 20:09
i dont see it that way. i.e. pam-mount can be used to decipher partitions using the login password, which is done for encrypted home folders or i.e. has to be done with iscsi - drives as in my ubuntu iscsi only mounts very late at startup, so those partitions cant be mounted using crypttab/fstab. and i dont see a reason why the service which takes the key from boot wouldn be able to pass it further on to login. another reason is that the login password has to be as strong as the device encryption key, so why not just use the same on single user systems. luks can handle multiple passwords.
– Peter Reiser
Nov 12 at 20:25
You're confusing a decryption that happens when the OS is already loaded with the one that happens before the OS, let alone user login. And that's why they're totally unrelated.
– GabrielaGarcia
Nov 12 at 20:30
there is no gap between boot and gui load, why shouldnt it be possible to pass a variable from from boot to the gui, as systemd is always continously running?
– Peter Reiser
Nov 12 at 20:38